On March 27, Oleksii Matiiasevych, a White Hat Group hacker and architect at Ambisafe Inc., detected and prevented potential dangers at eight major centralized exchanges. Over 200 other exchanges have been warned, but they could still be under threat.

Oleksii Matiiasevych, the lead Ethereum architect at Ambisafe and a reputable ethical hacker, discovered that at least eight top-rated cryptocurrency exchanges were susceptible to the manipulation of their Ethereum account balances. Oleksii discovered a way for hackers to register a new account, fraudulently increase their balance, and then withdraw these funds from the exchange. This could have led to substantial losses before the fraud was even detected. At the moment, eight exchanges have already either fixed the vulnerability or are in the process of resolving it.

It all started when Oleksii and the team at Ambisafe began checking whether existing cryptocurrency exchanges were monitoring their deposits in compliance with Ethereum’s specifications. Simulations showed that several major centralized exchanges had a bug in common that allowed users’ ETH accounts to be manipulated and altered.

“At first, I detected one possible way for accounts to be compromised. We notified all the exchanges where this vulnerability was found and, just in case, sent a report to around 200 other exchanges that might have potentially been affected by the same bug. It seemed to us that we had done all we could. However, later when I was nearly asleep, I suddenly realized that there might be one more way for hackers to take advantage of this technological flaw. I tested it in the morning and guess what – it worked too!” said Oleksii.

Over three days, Oleksii confirmed his suspicions by testing this exploit on the TOP-10 crypto exchanges. Then he moved on to the TOP-25 and ultimately to the TOP-50. Oleksii, the Giveth, and members of the White Hat Group immediately discovered the vulnerability on five major exchanges and notified those who had been affected. Oleksii has since spotted the problem on three additional exchanges. As a result, over 200 reports have been sent out about potential Ethereum account balance manipulation and the threat that it poses.

However, decentralized exchanges have not been affected, as their user balances are reflected on the blockchain itself. In contrast, centralized exchanges collect user deposits in a number of their own wallets and reflect every user’s balance in the database. This database is then updated by a deposits-processing system.

“Orderbook.io by Ambisafe is a decentralized exchange and, thus, it is not in danger of the vulnerabilities discovered by Oleksii. We’re proud that the members of our team have improved the current state of affairs within the Blockchain industry. Our hope is that we will have the opportunity to provide more Blockchain companies with auditing and guidance in the future, especially if they are concerned about possible vulnerabilities. We look forward to supplementing the future integrity of the Blockchain ecosystem.”

Andrey Zamovskiy, CEO and Founder of Ambisafe

This is not the first time that Oleksii Matiiasevych has helped to prevent a crisis in the greater crypto marketplace. After he was informed about a breach in a Parity multi-signature wallet in July 2017, Oleksii personally saved $1.5 million that could have otherwise been stolen by fraudsters. Despite the issues plaguing other wallet providers at the time, the multisig wallets developed by Oleksii’s team at Ambisafe proved to be resistant to the attack, assuring the safety of their clients’ funds.

Ambisafe is a product company that offers secure multi-sig repositories, full-service token sales, and a variety of custom blockchain solutions for industries such as IoT, supply chain, and beyond.

Finance.co.uk is one of the leading financial news websites, bringing you the latest on stocks, shares, economy, business and consumer related news. We provide you with the latest breaking news and videos straight from the finance industry.
